Security Metrics released their third study on unencrypted card data, and the results were astonishing: 63% of businesses do not encrypt credit card data. This means that businesses are storing the 16-digit Primary Account Number (PAN) in the clear. 7% of businesses are storing the magnetic stripe data found on the back of the card. Storing unencrypted card information is not only reckless, putting organizations and their customers at risk, it also violates the Payment Card Industry Data Security Standard (PCI DSS).
We see signs every day that inform us about safety measures an organization is taking. We have all seen these examples:
- “Premises protected by video surveillance.”
- “This vehicle stops at all railroad crossings.”
- “Driver carries less than $100 in cash.”
- “Caution: Wet floor”
These types of signs are common in business. They show customers, partners, and employees what’s being done to protect the business and help reduce the organization’s risk and liability.
As if the recent data compromises affecting more than 115,000,000 cardholders among Target, Neiman Marcus, Michaels, Aaron Brothers, Marriott and Sheraton, to name a few, were not enough, experts are predicting that data breaches may increase in 2014. Are your payment security measures as strong as they could be? Wash away all the marketing hype and hyperbole, and learn why TrustCommerce clients rest well, knowing that their customers’ data is secure. These best practices protect payments and reduce the risk and liability associated with accepting electronic payments.
How can merchants address the threat of a payment data compromise?
Credit and debit cards have rapidly become the preferred payment method across the globe. We all swipe our credit cards at the check-out counter and enter our credit card numbers into e-commerce websites, usually with little thought to where the data ends up. But there are people waiting on the other end of that transaction ready to capture payment data and use it fraudulently.
Network intrusions and data compromises continue to plague the payment card industry. At the 2012 RSA Annual Security Convention, RSA’s Executive Chairman, Arthur Coviello, told the audience, “Our networks will be penetrated. We should no longer be surprised by this.” His statement came within months of the disclosure that RSA, one of the world’s largest and most respected security companies, had been breached and the code to SecurID, their two-factor authentication solution, stolen. Mr. Coviello then told the attendees, “The reality today is that we are in a race with our adversaries and right now, more often than not, they are winning.”
On May 13, 2011, news broke of Michaels arts-and-crafts stores falling victim to debit-card data theft.
“Thieves tampered with the retailer’s debit-card processing equipment at about 80 stores from Massachusetts to Washington, according to the chain’s corporate parent, Michaels Stores Inc.
The thefts apparently involved the use of electronic devices called skimmers that allowed crooks to record information from shoppers’ debit cards and steal their personal identification numbers, or PINs.”[1]